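#!/usr/bin/env bash
#
# Generate a throwaway root CA and a server certificate signed by it.
#
# Usage:  <script> HOSTNAME
# Env:    C, ST, L  subject country / state / locality
#                   (defaults: GB, England, London)
#         EMAIL     subject e-mail address (default: contact@HOSTNAME)
#         CA_PASS   passphrase protecting rootCA.key (default: foobar)
# Output: ./ssl/ holding rootCA.key, rootCA.pem, server.key, server.csr,
#         server.crt, the CA serial file and the two generated config files.
#         An existing ./ssl directory is deleted first.
#
# Anyone holding rootCA.key and its passphrase can issue certificates that
# every client trusting rootCA.pem will accept, so keep the key off shared
# hosts and trust rootCA.pem only where that is acceptable.
set -euo pipefail

# Check the argument before it is used to derive any other value.
if [ -z "${1-}" ]; then
  echo "Please specify a hostname, e.g. example.com as the first parameter." >&2
  exit 1
fi

# The hostname is written verbatim into two OpenSSL config files and into the
# -subj string. A newline or '/' would add config directives or extra DN
# components, so accept hostname characters only ('*' permits wildcards).
case "$1" in
  *[!A-Za-z0-9._*-]*)
    echo "Invalid hostname: only letters, digits, '.', '-', '_' and '*' are accepted." >&2
    exit 1
    ;;
esac

export CN="$1"
export C="${C-GB}"
export ST="${ST-England}"
export L="${L-London}"
export EMAIL="${EMAIL-contact@$CN}"

# The default passphrase is published with this script, so a CA key encrypted
# with it is effectively unencrypted; file permissions are then its only
# protection. Set CA_PASS to a private value for anything beyond local tests.
if [ -z "${CA_PASS+x}" ]; then
  echo "Warning: CA_PASS is not set; rootCA.key will use the well-known default passphrase." >&2
fi
export CA_PASS="${CA_PASS-foobar}"

# Private keys are created below; keep every new file owner-only.
umask 077

# Absolute path: the script changes into the directory, so a relative
# 'rm -rf ssl' in the trap would no longer point at it.
out_dir="$PWD/ssl"
trap 'rm -rf -- "$out_dir"; exit 130' INT

echo "Generating self-signed certificate for $1."

rm -rf -- "$out_dir"
mkdir -- "$out_dir"
cd -- "$out_dir"

# Subject of the server certificate request.
cat > cert.cnf << EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=$C
ST=$ST
L=$L
O=$CN
OU=$CN
emailAddress=$EMAIL
CN = $CN
EOF

# Extensions applied when the CA signs the server certificate.
# NOTE(review): keyUsage is broader than a TLS server needs and no
# extendedKeyUsage is set; tighten if the consuming clients allow it.
cat > v3.ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $CN
EOF

# Root CA key. The passphrase is passed through the environment (env:CA_PASS)
# instead of 'pass:...' so it does not show up in the process list, and the
# key is wrapped with AES-256 rather than 3DES.
openssl genrsa -aes256 -out rootCA.key -passout env:CA_PASS 2048

# Self-signed root certificate.
# NOTE(review): its extensions come from the system default OpenSSL config;
# confirm rootCA.pem carries basicConstraints CA:TRUE.
openssl req -x509 -new -passin env:CA_PASS -key rootCA.key -sha256 -days 1024 \
  -out rootCA.pem -subj "/C=$C/ST=$ST/L=$L/CN=$CN"

# Server key and CSR. -nodes leaves server.key unencrypted so a server can
# load it unattended; the umask above is what protects it on disk.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 \
  -keyout server.key -config cert.cnf

# Sign the CSR with the root CA, applying the v3.ext extensions.
openssl x509 -req -passin env:CA_PASS -in server.csr -CA rootCA.pem \
  -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 \
  -extfile v3.ext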